Fortinet NSE4 Exam Dumps 2021

NEW QUESTION 1
Which of the following statements are true about Man-in-the-middle SSL Content Inspection? (Choose three.)

• A. The FortiGate device “re-signs” all the certificates coming from the HTTPS servers
• B. The FortiGate device acts as a sub-CA
• C. The local service certificate of the web server must be installed in the FortiGate device
• D. The FortiGate device does man-in-the-middle inspection.
• E. The required SSL Proxy certificate must first be requested to a public certificate authority (CA).

Answer: BCE

NEW QUESTION 2
Examine the exhibit shown below; then answer the question following it.

Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

• A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.
• B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.
• C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
• D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.

Answer: A

NEW QUESTION 3
Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)

• A. IP Address Check
• B. Open Relay Database List (ORDBL)
• C. Black/White List
• D. Return Email DNS Check
• E. Email Checksum Check

Answer: ABCDE

NEW QUESTION 4
What are examples of correct syntax for the session table diagnostics command? (Choose two.)

• A. diagnose sys session filter clear
• B. diagnose sys session src 10.0.1.254
• C. diagnose sys session filter
• D. diagnose sys session filter list dst.

Answer: AC

NEW QUESTION 5
An administrator has formed a high availability cluster involving two FortiGate units.
[Multiple upstream Layer 2 switches] – [FortiGate HA Cluster] – [Multiple downstream Layer 2 Switches]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take? The administrator should

• A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode.
• B. Enable monitoring of all active interfaces.
• C. Set up a full-mesh design which uses redundant interfaces.
• D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

Answer: C

NEW QUESTION 6
What are the ways FortiGate can monitor logs? (Choose three.)

• A. MIB
• B. SMS
• C. Alert Emails
• D. SNMP
• E. FortiAnalyzer
• F. Alert Message Console

Answer: CDF

NEW QUESTION 7
Which of the following are considered log types? (Choose three.)

• A. Forward log
• B. Traffic log
• C. Syslog
• D. Event log
• E. Security log

Answer: BDE

NEW QUESTION 8
Which FSSO agents are required for a FSSO agent-based polling mode solution?

• A. Collector agent and DC agents
• B. Polling agent only
• C. Collector agent only
• D. DC agents only

Answer: A

NEW QUESTION 9
Review the IPS sensor filter configuration shown in the exhibit.

Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)

• A. It does not log attacks targeting Linux servers.
• B. It matches all traffic to Linux servers.
• C. Its action will block traffic matching these signatures.
• D. It only takes affect when the sensor is applied to a policy.

Answer: CD

NEW QUESTION 10
What determines whether a log message is generated or not?

• A. Firewall policy setting
• B. Log Settings in the GUI
• C. 'config log' command in the CLI
• D. Syslog
• E. Webtrends

Answer: A

NEW QUESTION 11
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)

• A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
• B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
• C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
• D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
• E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

Answer: ABE

NEW QUESTION 12
Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)

• A. Asymmetric Keys
• B. CA root digital certificates
• C. RSA signature
• D. Pre-shared keys

Answer: CD

NEW QUESTION 13
Regarding the use of web-only mode SSL VPN, which statement is correct?

• A. It support SSL version 3 only.
• B. It requires a Fortinet-supplied plug-in on the web client.
• C. It requires the user to have a web browser that suppports 64-bit cipher length.
• D. The JAVA run-time environment must be installed on the client.

Answer: C

NEW QUESTION 14
In FortiOS session table output, what is the correct ‘proto_state’ number for an established, non-proxied TCP connection?

• A. 00
• B. 11
• C. 01
• D. 05

Answer: C

NEW QUESTION 15
A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SSL VPN settings in the exhibit.

Which of the following SSL VPN login portal URLs are valid? (Choose two.)

• A. http://1.1.1.1:443/Training
• B. https://1.1.1.1:443/STUDENTS
• C. https://1.1.1.1/login
• D. https://1.1.1.1/

Answer: BD

NEW QUESTION 16
Which authentication scheme is not supported by the RADIUS implementation on FortiGate?

• A. CHAP
• B. MSCHAP2
• C. PAP
• D. FSSO

Answer: D

NEW QUESTION 17
For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?

• A. The traffic is allowed and no log is generated.
• B. The traffic is allowed and logged.
• C. The traffic is blocked and no log is generated.
• D. The traffic is blocked and logged.

Answer: C

NEW QUESTION 18
Which header field can be used in a firewall policy for traffic matching?

• A. ICMP type and code.
• B. DSCP.
• C. TCP window size.
• D. TCP sequence number.

Answer: A